CVE - CVE-2007-4987

CVE-ID
CVE-2007-4987	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:25766 URL:http://www.securityfocus.com/bid/25766 BUGTRAQ:20071112 FLEA-2007-0066-1 ImageMagick URL:http://www.securityfocus.com/archive/1/483572/100/0/threaded CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=186030 CONFIRM:http://www.imagemagick.org/script/changelog.php CONFIRM:https://issues.rpath.com/browse/RPL-1743 DEBIAN:DSA-1858 URL:http://www.debian.org/security/2009/dsa-1858 GENTOO:GLSA-200710-27 URL:http://security.gentoo.org/glsa/glsa-200710-27.xml IDEFENSE:20070919 Multiple Vendor ImageMagick Off-By-One Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=595 MANDRIVA:MDVSA-2008:035 URL:http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:035 MLIST:[Magick-announce] 20070917 ImageMagick 6.3.5-9, important security updates URL:http://studio.imagemagick.org/pipermail/magick-announce/2007-September/000037.html SECTRACK:1018729 URL:http://www.securitytracker.com/id?1018729 SECUNIA:26926 URL:http://secunia.com/advisories/26926 SECUNIA:27048 URL:http://secunia.com/advisories/27048 SECUNIA:27309 URL:http://secunia.com/advisories/27309 SECUNIA:27364 URL:http://secunia.com/advisories/27364 SECUNIA:27439 URL:http://secunia.com/advisories/27439 SECUNIA:28721 URL:http://secunia.com/advisories/28721 SECUNIA:36260 URL:http://secunia.com/advisories/36260 SUSE:SUSE-SR:2007:023 URL:http://www.novell.com/linux/security/advisories/2007_23_sr.html UBUNTU:USN-523-1 URL:http://www.ubuntu.com/usn/usn-523-1 VUPEN:ADV-2007-3245 URL:http://www.vupen.com/english/advisories/2007/3245 XF:imagemagick-readblogstring-bo(36739) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/36739
Assigning CNA
MITRE Corporation
Date Record Created
20070919	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070919)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)